Looking at the results of a recent survey conducted by the UK Government, it seems that the business community of the country as a whole is ill-prepared for the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018.
The most concerning fact is that only 38% of businesses and organisations questioned were actually aware of the implementation of GDPR and its effects. The number was much higher, at 80%, for larger businesses and companies with more than 250 employees.
Even so, that still means that 20% of large businesses and organisations in the UK are putting themselves at risk of receiving fines of up to 20 million euros, or 4% of annual turnover, whichever is higher, if they are found to be non-compliant with GDPR regulations. Smaller businesses could be seriously affected by even small fines, and they are less well-informed; only 49% of small businesses and 31% of micro businesses said that they were GDPR aware.
What about those that are aware?
The situation is not a lot better when you look at businesses and organisations that said they are aware of GDPR. Fewer than half of the businesses and organisations that were questioned and were aware said that they had made any procedural or security changes as a result of GDPR stipulations. Even though the current Data Protection Act is in place, it seems that changes brought about by GDPR, such as the right to data portability and alterations to the System Access Request (SAR) process, would necessitate some procedural change.
It is difficult to say why UK businesses and organisations seem to be so ill-prepared for the introduction of GDPR. It could be that Brexit has made them believe that it is less important to be aware of the implications, or to comply with them. This is not the case, as the UK is still a member of the EU at present.
Even when it leaves the EU, any business or organisation processing the personal data of EU citizens will still be expected to comply, and it is expected that GDPR stipulations will remain within UK law. The fact is that UK businesses and organisations need to step up their preparations, or face the consequences of non-compliance with GDPR.